The importance of identity and access management in the modern digital enterprise cannot be denied. These programs ensure employees have timely access to the resources needed to complete their work, while simultaneously protecting those resources against unauthorized use and other security risks. They integrate provisioning, authorization and deprovisioning processes with HR management systems and generally ensure that the modern workforce functions effectively and securely.
While traditional IAM plays a vital role in every enterprise, it often leaves behind a critical group of stakeholders: the customers. Insiders benefit from advanced IAM technology, but customers are often left with simplistic tools that fail to meet their needs. At the same time, business leaders are left unable to use customer data to better market products and services.
Benefits of a customer IAM architecture
A customer IAM (CIAM) architecture extends the benefits of traditional IAM outside the enterprise’s digital walls to include customer access to resources. CIAM capabilities combine security and business features to protect customer data and better integrate customer activity into business processes and workflows.
From a security perspective, CIAM capabilities include strong verification of identity, provisioning and authentication, which are often lacking in homegrown customer security tools. CIAM platforms can also provide a self-service portal. This enables customers to register and create their own accounts and may automatically grant authorizations to those accounts based upon existing customer relationships. They also integrate multifactor authentication capabilities to strengthen the security of customer accounts.
From a business perspective, CIAM opens the door to new marketing and digital analytics capabilities. Businesses with strong CIAM platforms can better track customer activity across systems, thus enabling them to effectively target marketing efforts, reliably test new promotions and gain new insights into customer behavior.
How to select a CIAM platform
The first step in building out a CIAM architecture is selecting a provider. The major players in this space come from two different backgrounds. Some evolved from traditional, security-focused IAM services, while others evolved from digital marketing platforms. Choosing between these two categories will influence the direction of the program and determine the capabilities available in the future.
Platform #1: Security-focused
Selecting a security-focused IAM platform ensures the vendor will remain on the cutting edge of security capabilities. With this option, buyers may be able to use a single offering for both CIAM and traditional IAM activities. Such platforms facilitate integrations with internal user management systems and reduce the duplication of work on behalf of IAM teams who manage both employee and customer access to resources.
However, note that marketing and analytics capabilities are often new to these vendors and may lack the sophistication of modern digital marketing tools.
Platform #2: Marketing-focused
Selecting a marketing-focused platform changes the entire focus of the system. With this option, marketing capabilities are at the forefront. What security-focused platforms lack in marketing and analytics capabilities, these platforms do not. Organizations taking this approach can take advantage of state-of-the-art marketing capabilities to capitalize on customer data and insights.
The tradeoff, however, is these vendors often lack the security bona fides of traditional, security-focused IAM vendors. Organizations using a marketing-focused CIAM architecture may experience lacking security integration capabilities, which require additional effort from cybersecurity and IAM teams.
As the CIAM market continues to evolve, there will likely be a convergence of these platforms, as well as better integration of security and business functionality. For now, enterprises considering deployment of CIAM architectures need to consider these options and select the path that best meets their requirements.